[EXTERNAL] [PATCH] EVM: fix the evm= __setup handler return value

[Mimi Zohar]

On Tue, 2022-02-22 at 13:45 -0800, Randy Dunlap wrote:
> __setup() handlers should return 1 if the parameter is handled.
> Returning 0 causes the entire string to be added to init's
> environment strings (limited to 32 strings), unnecessarily polluting it.
> 
> Using the documented string "evm=fix" causes an Unknown parameter message:
>   Unknown kernel command line parameters
>   "BOOT_IMAGE=/boot/bzImage-517rc5 evm=fix", will be passed to user space.
> 
> and that string is added to init's environment string space:
>   Run /sbin/init as init process
>     with arguments:
>      /sbin/init
>     with environment:
>      HOME=/
>      TERM=linux
>      BOOT_IMAGE=/boot/bzImage-517rc5
>      evm=fix
> 
> With this change, using "evm=fix" acts as expected and an invalid
> option ("evm=evm") causes a warning to be printed:
>   evm: invalid "evm" mode
> but init's environment is not polluted with this string, as expected.
> 
> Fixes: 7102ebcd65c1 ("evm: permit only valid security.evm xattrs to be updated")
> Signed-off-by: Randy Dunlap <rdunlap at infradead.org>
> Reported-by: Igor Zhbanov <i.zhbanov at omprussia.ru>
> Link: lore.kernel.org/r/64644a2f-4a20-bab3-1e15-3b2cdd0defe3 at omprussia.ru

Thanks,  Randy, Igor.

The patch is queued in #next-integrity-testing.

Mimi